Multi-factor authentication (MFA) protects you from unauthorized third-party use and thus makes an important contribution to data security. We strongly recommend enabling MFA, as this is an effective way to prevent insecure passwords and third-party access.


This article offers answers to the following questions:


What exactly is multi-factor authentication?

As part of multi-factor authentication, you will also be asked for a security code when logging in, which will be generated by your registered Authenticator app or sent to you as an SMS or email. With this feature, Falcon effectively prevents any login attempts that are not your own.

Do I have to do this every time?

Yes. If you enable MFA, you must enter the security code each time you log in. However, if you selected the "Remember me" box when you logged in, you will remain logged in for 30 days and will not have to log in again during this period unless you actively log out.

Furthermore, the prompt still comes when Falcon has reason to believe that you are not attempting a log-in yourself. To evaluate this, Falcon uses a few clues (e.g. the location of the log-in, the device, the browser used - here is a complete list). If these clues differ from your personal standard, Falcon asks for confirmation by code.



How can I enable multi-factor authentication?

You can manage multi-factor authentication individually in your user account. To do this, you need to click on your user account and on the "Security" tab. There you can activate the function. We strongly recommend to activate the function.



How can I enable multi-factor authentication via SMS?

By default, you receive the MFA code via email. However, receiving it as an SMS is often faster, more user-friendly, and also more secure. A second channel is used, but since SMS can also be intercepted, we recommend using an authenticator app.

If you want to receive the code via SMS, you can set this in the user account. To do this, select the Security tab, activate MFA (1) and enter your mobile phone number in the field provided (2). You will then receive a code via SMS for the first time, which you must enter for confirmation (3). Once confirmed the authentication via SMS is activated.



How can I activate MFA via Authenticator App?

The Authenticator app is the fastest and most secure MFA option. The code is generated by the app on your mobile phone, so the security code cannot be intercepted. That's why we recommend this option.

If you want to get the code by app, you first need to install any Authenticator app on your phone, e.g:

After that, go to your user account in Falcon.

  1. Select the Security tab

  2. Click on Set up Authenticator App

  3. Scan the QR code

  4. To do this, open the app and tap on the + icon (the example shows Google Authenticator).

  5. Then tap on Scan QR code and scan the QR code

  6. A security code for your Falcon account will now appear

  7. Enter the verification code in Falcon

  8. Click Save

From now on, you will receive the confirmation code via the app on your mobile phone.

Note: If you delete the Authenticator app from your phone or delete your Falcon account from the app before you disable app authentication in Falcon, you will no longer be able to log in to Falcon.

If this mishap should ever happen to you anyway, simply contact support@nordantech.com.


Why is multi-factor authentication triggered although I turned it off?

The first time you log in from a browser other than the one you registered with Falcon, Falcon prompts you to authenticate with a security code - for example, you registered with Microsoft Edge and now log in with Firefox.

After that, the feature is disabled by default. However, if Falcon detects a possible third-party access attempt, MFA is still triggered. The following reasons can trigger the process:

Login attempt ...

... with another device / operating system.

... with another browser.

... from another time zone.

... from another location.

... with a different internet service provider.

With this logic, Falcon identifies any login attempts that are potententially not your own.

As a hub owner, how can I see if the users in my hub have multi-factor authentication enabled?

In the user tab in the administration area of Falcon, there is a column (next to the user's email address) that shows a green check mark for users who have enabled MFA via Authenticator App, a yellow check mark for MFA SMS and a red check mark for MFA via email. In addition, you can also find this information in the user export.


As a Hub admin, how can I set that multi-factor authentication must be enabled for all Hub users?

In the Hub settings, in the Security tab, you can specify whether MFA is mandatory for a login to the Hub.

You can also decide whether multi-factor authentication should be done via:

  • via email, SMS or Authenticator

  • via SMS or Authenticator

  • by Authenticator only (best, because most secure)


We strongly recommend activating the MFA via app, as this is an effective way to prevent insecure passwords and unauthorized access.


Click here for more information about data security in Falcon.

Did this answer your question?